def handle_submit(self):
amount = self.amount
try:
is_email(self.request.form['email'])
except Exception as e:
self.error = str(e)
if self.cart.shippable and not self.cart.data.get('ship_method'):
self.error = ('Something went wrong while calculating shipping. '
'Your payment has not been processed. '
'Please contact us for assistance.')
if self.error:
return
userid = get_current_userid()
contact_info = PersistentMapping()
for f in ('first_name', 'last_name', 'email', 'phone', 'address',
'city', 'state', 'zip', 'country'):
contact_info[f] = self.request.form[f]
method = 'Online Payment'
if self.is_superuser():
method = self.request.form.get('method', 'None')
if method not in ('Online Payment', 'Check', 'Cash', 'None'):
raise Forbidden('Invalid payment method: %s' % method)
if amount and (method == 'None'):
raise Forbidden('Invalid payment method: None')
charge_result = {'success': True}
if amount and method == 'Online Payment':
if 'stripeToken' not in self.request.form:
self.error = 'Unable to process payment. Please try again.'
return
card_token = self.request.form['stripeToken']
try:
charge_result = process_interactive_payment(
self.cart, card_token, contact_info)
charge_result['success'] = True
except PaymentProcessingException as e:
charge_result = {
'success': False,
'err_msg': e.message,
'err_code': getattr(e, 'code', None),
}
self.error = e.message
if not self.error:
try:
self.store_order(method, charge_result, userid, contact_info)
self.notify_purchased()
self.clear_cart()
except ConflictError:
self.error = ('Failed to store results of payment after '
'multiple retries. Please contact us for '
'assistance. ')
def _validate_contact_id(self):
"""Return True if the contact_id from the request is valid.
:raises: Forbidden
"""
id = self.request.form.get('contact_id', None)
if id is None:
raise Forbidden('contact_id was not set.')
else:
try:
id = int(id)
except ValueError:
raise Forbidden('contact_id is not an integer.')
return True
def __call__(self):
if 'login' in self.request.form:
self._generate_url('login')
elif 'register' in self.request.form:
if not self.user_can_register():
raise Forbidden()
self._generate_url('register')
elif 'connect' in self.request.form:
if checkPermission('cmf.SetOwnPassword', self.context):
self._generate_url('connect')
else:
raise Forbidden()
return self.template(self)
def _check_internal_request(self):
# WARNING: The security is done here by using the request layer
# IInternalOpengeverRequestLayer provided by the ogds PAS plugin.
# The view has to be public, since the user may not have any
# permission on this context.
if not IInternalOpengeverRequestLayer.providedBy(self.request):
raise Forbidden()
def traverse(self, name, ignored):
# The context is important here, since it becomes the parent of the
# resource, which is needed to generate the absolute URL.
res = namespace.getResource(self.context, name, self.request)
if isinstance(res, InterfaceClass):
raise Forbidden('Access to traverser is forbidden.')
return res
def publishTraverse(self, request, name):
object = self.context
URL = request['URL']
if name[:1] == '_':
raise Forbidden("Object name begins with an underscore at: %s" %
URL)
if hasattr(object, '__bobo_traverse__'):
try:
subobject = object.__bobo_traverse__(request, name)
if type(subobject) is type(()) and len(subobject) > 1:
# Add additional parents into the path
# XXX There are no tests for this:
request['PARENTS'][-1:] = list(subobject[:-1])
object, subobject = subobject[-2:]
except (AttributeError, KeyError, NotFound), e:
# Try to find a view
subobject = queryMultiAdapter((object, request), Interface,
name)
if subobject is not None:
# OFS.Application.__bobo_traverse__ calls
# REQUEST.RESPONSE.notFoundError which sets the HTTP
# status code to 404
request.response.setStatus(200)
# We don't need to do the docstring security check
# for views, so lets skip it and return the object here.
return subobject.__of__(object)
# No view found. Reraise the error raised by __bobo_traverse__
raise e
def _resolveSubpath(self, path):
parts = path.split('/')
filepath = os.path.abspath(os.path.join(self.directory, *parts))
if not filepath.startswith(self.directory):
raise Forbidden('Invalid path resource')
return filepath
def checkGuard(self, _exec=False):
guard = self.guard
if guard is None or _checkGuard(guard, aq_parent(self)):
return 1
if _exec:
raise Forbidden('Calling %s %s is denied by Guard.' %
(self.meta_type, self.id))
def MKCOL(self, REQUEST, RESPONSE):
"""Create a new collection resource."""
self.dav__init(REQUEST, RESPONSE)
if REQUEST.get('BODY', ''):
raise UnsupportedMediaType('Unknown request body.')
name = self.__name__
parent = self.__parent__
if hasattr(aq_base(parent), name):
raise MethodNotAllowed('The name %s is in use.' % name)
if not isDavCollection(parent):
raise Forbidden('Cannot create collection at this location.')
ifhdr = REQUEST.get_header('If', '')
if IWriteLock.providedBy(parent) and parent.wl_isLocked():
if ifhdr:
parent.dav__simpleifhandler(REQUEST, RESPONSE, col=1)
else:
raise Locked
elif ifhdr:
# There was an If header, but the parent is not locked
raise PreconditionFailed
# Add hook for webdav MKCOL (Collector #2254) (needed for CMF)
mkcol_handler = getattr(parent, 'MKCOL_handler',
parent.manage_addFolder)
mkcol_handler(name)
RESPONSE.setStatus(201)
RESPONSE.setBody('')
return RESPONSE
def PUT(self, REQUEST, RESPONSE):
""" """
if REQUEST.environ['REQUEST_METHOD'] != 'PUT':
raise Forbidden('REQUEST_METHOD should be PUT.')
body = REQUEST['BODY']
self.po_import(self.id, body)
RESPONSE.setStatus(204)
return RESPONSE
def generic_query(self,
script_path='all-documents',
output_format='json',
deserialize_json=False,
**kw):
""" Public query API for calling xquery scripts through RESTXQ.
The related xquery script must expose is functionality through
http://host:port/exist/restxq/<script_path>.<output_format>.
The result is then returned as text (html, xml) or deserialized
JSON data structure.
Note that <script_path> must start with '/db/' or 'db/'.
"""
if self.context and not self.context.api_enabled:
raise Forbidden('API not enabled')
if output_format not in ('json', 'xml', 'html'):
raise NotFound(
'Unsupported output format "{}"'.format(output_format))
registry = getUtility(IRegistry)
settings = registry.forInterface(IConnectorSettings)
pr = urlparse.urlparse(settings.connector_url)
url = '{}://{}/exist/restxq/{}.{}'.format(pr.scheme, pr.netloc,
script_path, output_format)
session = requests.Session()
adapter = requests.adapters.HTTPAdapter(max_retries=3)
session.mount('http://', adapter)
session.mount('https://', adapter)
result = session.get(url,
auth=HTTPBasicAuth(
settings.connector_username,
settings.connector_password or ''),
params=kw)
if result.status_code != 200:
raise APIError(
'eXist-db return an response with HTTP code {} for {}'.format(
result.status_code, url))
if output_format == 'json':
data = result.json()
if deserialize_json:
# called internally (and not through the web)
data = result.json()
return data
else:
data = result.text
self.request.response.setHeader('content-type',
'application/json')
self.request.response.setHeader('content-length', len(data))
return data
else:
data = result.text
self.request.response.setHeader('content-type',
'text/{}'.format(output_format))
self.request.response.setHeader('content-length', len(data))
return data
def _validateProxy(self, roles=None):
if roles is None:
roles = self._proxy_roles
if not roles:
return
user = getSecurityManager().getUser()
if user is not None and user.allowed(self, roles):
return
raise Forbidden('You are not authorized to change <em>%s</em> '
'because you do not have proxy roles.\n<!--%s, %s-->' %
(self.id, user, roles))
def testCustomExceptionViewForbidden(self):
from zExceptions import Forbidden
registerExceptionView(IForbidden)
environ = self._makeEnviron()
start_response = DummyCallable()
_publish = DummyCallable()
_publish._raise = Forbidden('argh')
app_iter = self._callFUT(environ, start_response, _publish)
body = b''.join(app_iter)
self.assertEqual(start_response._called_with[0][0], '403 Forbidden')
self.assertTrue(b'Exception View: Forbidden' in body)
def old_validation(groups, request, auth,
roles=UNSPECIFIED_ROLES):
if auth:
auth = request._authUserPW()
if auth:
name, password = auth
elif roles is None:
return ''
else:
return None
elif 'REMOTE_USER' in request.environ:
name = request.environ['REMOTE_USER']
password = None
else:
if roles is None:
return ''
return None
if roles is None:
return name
keys = None
try:
keys = groups.keys
except Exception:
try:
groups = groups() # Maybe it was a method defining a group
keys = groups.keys
except Exception:
pass
if keys is not None:
# OK, we have a named group, so apply the roles to the named
# group.
if roles is UNSPECIFIED_ROLES:
roles = keys()
g = []
for role in roles:
if role in groups:
g.append(groups[role])
groups = g
for d in groups:
if name in d and (d[name] == password or password is None):
return name
if keys is None:
# Not a named group, so don't go further
raise Forbidden(
"""<strong>You are not authorized to access this resource""")
return None
def render(self):
if not IInternalOpengeverRequestLayer.providedBy(self.request):
raise Forbidden()
transition = self.request.get('transition')
text = self.request.get('text')
responsible = self.request.get('responsible')
responsible_client = self.request.get('responsible_client')
if self.is_already_done(transition, text):
# Set correct content type for text response
self.request.response.setHeader("Content-type", "text/plain")
return 'OK'
wftool = getToolByName(self.context, 'portal_workflow')
# change workflow state
before = wftool.getInfoFor(self.context, 'review_state')
before = wftool.getTitleForStateOnType(before, self.context.Type())
wftool.doActionFor(self.context, transition)
after = wftool.getInfoFor(self.context, 'review_state')
after = wftool.getTitleForStateOnType(after, self.context.Type())
# create response
response = add_simple_response(
self.context,
transition=transition,
text=text)
if responsible and responsible is not 'None':
# special handling for reassign
response.add_change(
'reponsible',
_(u"label_responsible", default=u"Responsible"),
ITask(self.context).responsible,
responsible)
ITask(self.context).responsible_client = responsible_client
ITask(self.context).responsible = responsible
notify(ObjectModifiedEvent(self.context))
response.add_change('review_state', _(u'Issue state'),
before, after)
# Set correct content type for text response
self.request.response.setHeader("Content-type", "text/plain")
return 'OK'
def check_delete_preconditions(repository, event):
"""It's not allowed to delete repository folders or the repository root
"""
# Ignore plone site deletions
if IPloneSiteRoot.providedBy(event.object):
return
# Allow deletion done through the RepositoryDeleter
if IDuringRepositoryDeletion.providedBy(event.object.REQUEST):
return
raise Forbidden('Deleting repository folders and roots is not allowed')
def checkCSRFToken(request, token='csrf_token', raises=True):
""" Check CSRF token in session against token formdata.
If the values don't match, and 'raises' is True, raise a Forbidden.
If the values don't match, and 'raises' is False, return False.
If the values match, return True.
"""
if request.form.get(token) != getCSRFToken(request):
if raises:
raise Forbidden('incorrect CSRF token')
return False
return True
def apply(self, obj, token, sm, url=None, result=None, top=1):
if result is None:
result = StringIO()
url = urlfix(url, 'DELETE')
url = urlbase(url)
iscol = isDavCollection(obj)
errmsg = None
parent = aq_parent(obj)
islockable = IWriteLock.providedBy(obj)
if parent and (not sm.checkPermission(delete_objects, parent)):
# User doesn't have permission to delete this object
errmsg = "403 Forbidden"
elif islockable and obj.wl_isLocked():
if token and obj.wl_hasLock(token):
# Object is locked, and the token matches (no error)
errmsg = ""
else:
errmsg = "423 Locked"
if errmsg:
if top and (not iscol):
if errmsg == "403 Forbidden":
raise Forbidden()
if errmsg == "423 Locked":
raise Locked()
elif not result.getvalue():
# We haven't had any errors yet, so our result is empty
# and we need to set up the XML header
result.write('<?xml version="1.0" encoding="utf-8" ?>\n' \
'<d:multistatus xmlns:d="DAV:">\n')
result.write('<d:response>\n <d:href>%s</d:href>\n' % url)
result.write(' <d:status>HTTP/1.1 %s</d:status>\n' % errmsg)
result.write('</d:response>\n')
if iscol:
for ob in obj.objectValues():
dflag = hasattr(ob,'_p_changed') and (ob._p_changed == None)
if hasattr(ob, '__dav_resource__'):
uri = urljoin(url, absattr(ob.getId()))
self.apply(ob, token, sm, uri, result, top=0)
if dflag:
ob._p_deactivate()
if not top:
return result
if result.getvalue():
# One or more subitems can't be delted, so close the multistatus
# element
result.write('</d:multistatus>\n')
return result.getvalue()
def _curried(*args, **kw):
request = args[r_index]
if IBrowserRequest.providedBy(request):
if request.method not in methods:
raise Forbidden('Request must be %s' % methodsstr)
# Reconstruct keyword arguments
if defaults is not None:
args, kwparams = args[:arglen], args[arglen:]
for positional, (key, default) in zip(kwparams, defaults):
if positional is _default:
kw[key] = default
else:
kw[key] = positional
return callable(*args, **kw)
def PUT(self, REQUEST, RESPONSE):
"""
Handle HTTP PUT requests for FTP/Webdav upload, which is object
dependent. For now only set the text content...
"""
self.dav__init(REQUEST, RESPONSE)
self.dav__simpleifhandler(REQUEST, RESPONSE, refresh=1)
if REQUEST.environ['REQUEST_METHOD'] != 'PUT':
raise Forbidden('REQUEST_METHOD should be PUT.')
text_content = REQUEST.get('BODY')
if text_content is None:
RESPONSE.setStatus(304)
else:
self.setTextContent(text_content)
RESPONSE.setStatus(204)
return RESPONSE
def _validateProxy(self, request, roles=None):
if roles is None:
roles = self._proxy_roles
if not roles:
return
user = u = getSecurityManager().getUser()
user = user.allowed
for r in roles:
if r and not user(self, (r, )):
user = None
break
if user is not None:
return
raise Forbidden(
'You are not authorized to change <em>%s</em> because you '
'do not have proxy roles.\n<!--%s, %s-->' %
(self.__name__, u, roles))
def _curried(*args, **kw):
request = None
if len(args) > r_index:
request = args[r_index]
if isinstance(request, HTTPRequest):
if request.get('REQUEST_METHOD', 'GET').upper() != 'POST':
raise Forbidden('Request must be POST')
# Reconstruct keyword arguments
if defaults is not None:
args, kwparams = args[:arglen], args[arglen:]
for positional, (key, default) in zip(kwparams, defaults):
if positional is _default:
kw[key] = default
else:
kw[key] = positional
return callable(*args, **kw)
def __call__(self):
url = self.get_came_from()
if api.user.is_anonymous():
# We might try to let the user re-authenticate,
# but that will likely lead to infinite redirects.
if not url and self.get_came_from(include_login_templates=True):
# The user came from a login-related page, so we do not redirect.
raise Forbidden("ERROR: headerlogin failed")
# Okay, it seems safe to redirect to require_login (or elsewhere).
# Actually, require_login itself redirects anonymous users to /login.
self.request.response.redirect(self.context.absolute_url() +
"/login")
return
if not url:
nav_root = api.portal.get_navigation_root(self.context)
url = nav_root.absolute_url()
# Temporary redirect.
# Note: zope.publisher makes this 302 for HTTP/1.0 and 303 for higher.
self.request.response.redirect(url)
def checkCSRFToken(request, token='csrf_token', raises=True):
""" Check CSRF token in session against token formdata.
If the values don't match, and 'raises' is True, raise a Forbidden.
If the values don't match, and 'raises' is False, return False.
If the values match, return True.
"""
if getattr(request, 'SESSION', None) is None:
# Sessioning is not available at all, just give up
logger.warning(
'Built-in CSRF check disabled - sessioning not available')
return True
if request.form.get(token) != getCSRFToken(request):
if raises:
raise Forbidden('incorrect CSRF token')
return False
return True
def PUT(self, REQUEST, RESPONSE):
"""Create a new non-collection resource.
"""
if getattr(self.__parent__, 'PUT_factory', None) is not None: # BBB
return NullResource_PUT(self, REQUEST, RESPONSE)
self.dav__init(REQUEST, RESPONSE)
if REQUEST.environ['REQUEST_METHOD'] != 'PUT':
raise Forbidden('REQUEST_METHOD should be PUT.')
name = self.__name__
parent = self.__parent__
ifhdr = REQUEST.get_header('If', '')
if IWriteLock.providedBy(parent) and parent.wl_isLocked():
if ifhdr:
parent.dav__simpleifhandler(REQUEST, RESPONSE, col=1)
else:
# There was no If header at all, and our parent is locked,
# so we fail here
raise Locked
elif ifhdr:
# There was an If header, but the parent is not locked
raise PreconditionFailed
# <ERP5>
# XXX: Do we really want to force 'id'
# when PUT is called on Contribution Tool ?
kw = {'id': name, 'data': None, 'filename': name}
contribution_tool = parent.getPortalObject().portal_contributions
if aq_base(contribution_tool) is not aq_base(parent):
kw.update(container=parent, discover_metadata=False)
ob = contribution_tool.newContent(**kw)
# </ERP5>
ob.PUT(REQUEST, RESPONSE)
RESPONSE.setStatus(201)
RESPONSE.setBody('')
return RESPONSE
def PUT(self, REQUEST, RESPONSE):
""" Handle HTTP (and presumably FTP?) PUT requests """
self.dav__init(REQUEST, RESPONSE)
self.dav__simpleifhandler(REQUEST, RESPONSE, refresh=1)
if REQUEST.environ['REQUEST_METHOD'] != 'PUT':
raise Forbidden('REQUEST_METHOD should be PUT.')
body = REQUEST.get('BODY', '')
try:
headers = self.parseHeadersFromText(body)
content_type = REQUEST.get_header('Content-Type', '')
headers.setdefault('content_type', content_type)
headers['file'] = StringIO(body)
self._edit(**headers)
except ResourceLockedError:
transaction.abort()
RESPONSE.setStatus(423)
return RESPONSE
RESPONSE.setStatus(204)
self.reindexObject()
return RESPONSE
def __call__(self):
"""Open a connection to the CiviCRM server using the
configuration information stored on the registry and the
current user account.
:raises: Forbidden
"""
url = api.portal.get_registry_record(URL_RECORD)
site_key = api.portal.get_registry_record(SITE_KEY_RECORD)
api_key = api.user.get_current().getProperty('api_key', None)
# can not open connection to server if no api_key is provided
if not api_key:
raise Forbidden(
'No API key defined. You can not access CiviCRM server.')
# for now, we can use any kind of connection
# in the future, we must enforce use_ssl=True
# as CiviCRM stores personal information of users
use_ssl = urlparse(url).scheme == 'https'
self.civicrm = CiviCRM(
url, site_key, api_key, use_ssl=use_ssl, timeout=TIMEOUT)
def generate_excerpt(self):
"""Generate an excerpt of an agenda item and store it in
the meeting dossier.
"""
if not self.context.model.is_editable():
raise Unauthorized("Editing is not allowed")
if not self.agenda_item.can_generate_excerpt():
raise Forbidden('Generating excerpt is not allowed in this state.')
try:
self.agenda_item.generate_excerpt(
title=self.request.form['excerpt_title'])
except MissingMeetingDossierPermissions:
return (JSONResponse(self.request).error(
_('error_no_permission_to_add_document',
default=u'Insufficient privileges to add a'
u' document to the meeting dossier.')).remain().dump())
return (JSONResponse(self.request).info(
_('excerpt_generated',
default=u'Excerpt was created successfully.')).proceed().dump())
def __call__(self):
atool = queryUtility(IActionsTool)
if atool is None:
# re-raise the unhandled exception
raise self.context
try:
target = atool.getActionInfo('user/login')['url']
except ValueError:
# re-raise the unhandled exception
raise self.context
req = self.request
if (not req['REQUEST_METHOD'] in ('HEAD', 'GET', 'PUT', 'POST')
or req.environ.has_key('WEBDAV_SOURCE_PORT')):
# re-raise the unhandled exception
raise self.context
attempt = getattr(req, '_cookie_auth', ATTEMPT_NONE)
if attempt not in (ATTEMPT_NONE, ATTEMPT_LOGIN):
# An authenticated user was denied access to something.
# XXX: hack context to get the right @@standard_macros/page
# why do we get the wrong without this hack?
self.context = self.__parent__
raise Forbidden(self.forbidden_template())
_expireAuthCookie(self)
came_from = req.get('came_from', None)
if came_from is None:
came_from = req.get('ACTUAL_URL')
query = req.get('QUERY_STRING')
if query:
# Include the query string in came_from
if not query.startswith('?'):
query = '?' + query
came_from = came_from + query
url = '%s?came_from=%s' % (target, quote(came_from))
raise Redirect(url)
def __call__(self):
raise Forbidden()
